Principal Engineer for Secure Development (AppSec)
Charlotte, NC or Chandler, AZ or Iselin, NJ (onsite 3x a week in any of these locations listed)
High Level Overview:
The Principal Engineer for Secure Development is part of AppSec and ensures that the code development teams write has been vetted for faults, weaknesses, and vulnerabilities, and that these are remediated. Serve as a leader in the application security champions program and implement the hard gates placed in CI/CD processes so that applications are not shipped into production until they are as secure as they can be.
Role/Responsibilities:
Lead the optimization of Security Requirements and Secure Design for applications coming online for the first time
Wells is mature in Secure Development and needs this resource to help drive to the next level of secure application maturity
Demonstrate DevSecOps expertise: someone who can be in the code, identify at the code level when something is not properly written, and find vulnerabilities.
Serve as Principal Engineer for Secure Code Requirements and Secure Design Development
Lead Static Code Analysis with Checkmarx, Checkmarx 1, BlackDuck.
Lead Dynamic Code Analysis: Burp Suite, Snyk
Perform Secure Code Reviews
Help to create and shape the definition of done.
Responsible for maintaining tooling along development pipelines
Lead adoption of secure design patterns as code.
Manage the feedback loop from production scanning into secure development
Assist in building secure libraries and evangelize and enforce their use with development teams.
Test and prove security requirements throughout the SDLC.
Requirements
Need someone with proven experience as a thought leader in the Secure Apps/Secure Domain space
Experience working with development teams to put in patterns and practices to create less friction with security teams
Experience translating applicable laws, rules and regulatory requirements into secure development and finding ways to make them measurable and testable.
Proven expertise maturing security requirements and implementing changes for security design patterns.
Extensive experience implementing secure design libraries
Proven track record of making it easier for developers to do things the right way.
Experience defining AppSec best practices and making recommendations on tools; will also need to influence technical leaders, peers, and business and product leaders to get them on board.
Deep experience defining security requirements and policing standards (NIST, PCI, ISO, etc.)
Work Flow:
Tasks for this individual will be primarily security requirements and secure design
Principal engineers are expected to operate with autonomy
Will need to spend the first weeks learning the Wells way: what they do, how they do it, and what they have planned.
Will also be tasked with leading AI adoption: lead development of new AI use cases and evaluate efficiency gains through AI business cases, which requires influencing leadership.
Will be involved in a regular Scrum team, but the work they are leading is cross-functional (across different phases of the SDLC).
Application Space: Enterprise-wide, 5,000 applications and 21,000 developers, spanning legacy production apps as well as new development, including adoption of AI tools. Many applications are customer-facing and web-facing, processing billions of transactions, with a lot of risk involved, so API security will be big.
Preferred career background:
Has been a software engineer, then transitioned to the security side. Keen eye for detail. Can find vulnerabilities in code, read hundreds of thousands of lines of code, and find the missing dot.
Fully transitioned into cyber security
Interest in pen testing
Active in Secure Development outside of work: patenting new technologies, writing white papers, presenting at OWASP chapters, writing articles. This person will be a trusted thought leader in the industry.